benchmarktests

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 8, 2023 License: MPL-2.0 Imports: 44 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ApproleAuthTestType   = "approle_auth"
	ApproleAuthTestMethod = "POST"
)

Constants for test

View Source 
const (
	CertAuthTestType   = "cert_auth"
	CertAuthTestMethod = "POST"
)

Constants for test

View Source 
const (
	JWTAuthTestType   = "jwt_auth"
	JWTAuthTestMethod = "POST"
)

Constants for test

View Source 
const (
	KubeAuthTestType               = "kube_auth"
	KubeAuthTestMethod             = "POST"
	DefaultServiceAccountTokenPath = "/var/run/secrets/kubernetes.io/serviceaccount/token"
)

Constants for test

View Source 
const (
	LDAPAuthTestType               = "ldap_auth"
	LDAPAuthTestMethod             = "POST"
	LDAPAuthTestUserNameEnvVar     = VaultBenchmarkEnvVarPrefix + "LDAP_TEST_USERNAME"
	LDAPAuthTestUserPasswordEnvVar = VaultBenchmarkEnvVarPrefix + "LDAP_TEST_PASSWORD"
	LDAPAuthBindPassEnvVar         = VaultBenchmarkEnvVarPrefix + "LDAP_BIND_PASS"
)

Constants for test

View Source 
const (
	UserpassTestType       = "userpass_auth"
	UserpassAuthTestMethod = "POST"
)
View Source 
const (
	CassandraSecretTestType   = "cassandra_secret"
	CassandraSecretTestMethod = "GET"
	CassandraDBUsernameEnvVar = VaultBenchmarkEnvVarPrefix + "CASSANDRADB_USERNAME"
	CassandraDBPasswordEnvVar = VaultBenchmarkEnvVarPrefix + "CASSANDRADB_PASSWORD"
)

Constants for test

View Source 
const (
	ConsulSecretTestType   = "consul_secret"
	ConsulSecretTestMethod = "GET"
	ConsulTokenEnvVar      = VaultBenchmarkEnvVarPrefix + "CONSUL_TOKEN"
)

Constants for test

View Source 
const (
	CouchbaseSecretTestType   = "couchbase_secret"
	CouchbaseSecretTestMethod = "GET"
	CouchbaseUsernameEnvVar   = VaultBenchmarkEnvVarPrefix + "COUCHBASE_USERNAME"
	CouchbasePasswordEnvVar   = VaultBenchmarkEnvVarPrefix + "COUCHBASE_PASSWORD"
)
View Source 
const (
	RedisDynamicSecretTestType         = "redis_dynamic_secret"
	RedisDynamicSecretTestMethod       = "GET"
	RedisDynamicSecretDBUsernameEnvVar = VaultBenchmarkEnvVarPrefix + "REDIS_USERNAME"
	RedisDynamicSecretDBPasswordEnvVar = VaultBenchmarkEnvVarPrefix + "REDIS_PASSWORD"
)

Constants for test

View Source 
const (
	ElasticSearchSecretTestType   = "elasticsearch_secret"
	ElasticSearchSecretTestMethod = "GET"
	ElasticSearchUsernameEnvVar   = VaultBenchmarkEnvVarPrefix + "ELASTICSEARCH_USERNAME"
	ElasticSearchPasswordEnvVar   = VaultBenchmarkEnvVarPrefix + "ELASTICSEARCH_PASSWORD"
)

Constants for test

View Source 
const (
	KVV1ReadTestType    = "kvv1_read"
	KVV1WriteTestType   = "kvv1_write"
	KVV1ReadTestMethod  = "GET"
	KVV1WriteTestMethod = "POST"
)

Constants for test

View Source 
const (
	KVV2ReadTestType    = "kvv2_read"
	KVV2WriteTestType   = "kvv2_write"
	KVV2ReadTestMethod  = "GET"
	KVV2WriteTestMethod = "POST"
)
View Source 
const (
	MongoDBSecretTestType   = "mongodb_secret"
	MongoDBSecretTestMethod = "GET"
	MongoDBUsernameEnvVar   = VaultBenchmarkEnvVarPrefix + "MONGODB_USERNAME"
	MongoDBPasswordEnvVar   = VaultBenchmarkEnvVarPrefix + "MONGODB_PASSWORD"
)
View Source 
const (
	MSSQLSecretTestType   = "mssql_secret"
	MSSQLSecretTestMethod = "GET"
	MSSQLUsernameEnvVar   = VaultBenchmarkEnvVarPrefix + "MSSQL_USERNAME"
	MSSQLPasswordEnvVar   = VaultBenchmarkEnvVarPrefix + "MSSQL_PASSWORD"
)

Constants for test

View Source 
const (
	PKIIssueTestType   = "pki_issue"
	PKIIssueTestMethod = "POST"
)
View Source 
const (
	PKISignTestType   = "pki_sign"
	PKISignTestMethod = "POST"
)
View Source 
const (
	PostgreSQLSecretTestType   = "postgresql_secret"
	PostgreSQLSecretTestMethod = "GET"
	PostgreSQLUsernameEnvVar   = VaultBenchmarkEnvVarPrefix + "POSTGRES_USERNAME"
	PostgreSQLPasswordEnvVar   = VaultBenchmarkEnvVarPrefix + "POSTGRES_PASSWORD"
)

Constants for test

View Source 
const (
	RabbitMQSecretTestType   = "rabbitmq_secret"
	RabbitMQSecretTestMethod = "GET"
	RabbitMQUsernameEnvVar   = VaultBenchmarkEnvVarPrefix + "RABBITMQ_USERNAME"
	RabbitMQPasswordEnvVar   = VaultBenchmarkEnvVarPrefix + "RABBITMQ_PASSWORD"
)

Constants for test

View Source 
const (
	SSHIssueTestType   = "ssh_issue"
	SSHIssueTestMethod = "POST"
)
View Source 
const (
	SSHKeySignTestType   = "ssh_sign"
	SSHKeySignTestMethod = "POST"
)
View Source 
const (
	RedisStaticSecretTestType       = "redis_static_secret"
	RedisStaticSecretTestMethod     = "GET"
	RedisStaticSecretUsernameEnvVar = VaultBenchmarkEnvVarPrefix + "STATIC_REDIS_USERNAME"
	RedisStaticSecretPasswordEnvVar = VaultBenchmarkEnvVarPrefix + "STATIC_REDIS_PASSWORD"
)

Constants for test

View Source 
const (
	TransformTokenizationTestType   = "transform_tokenization"
	TransformTokenizationTestMethod = "POST"
	TransformStoreUsernameEnvVar    = VaultBenchmarkEnvVarPrefix + "TRANSIT_STORE_USERNAME"
	TransformStorePasswordEnvVar    = VaultBenchmarkEnvVarPrefix + "TRANSIT_STORE_PASSWORD"
)
View Source 
const (
	TransitSignSecretTestType    = "transit_sign"
	TransitVerifySecretTestType  = "transit_verify"
	TransitEncryptSecretTestType = "transit_encrypt"
	TransitDecryptSecretTestType = "transit_decrypt"
	TransitSecretTestMethod      = "POST"
)
View Source 
const (
	HAStatusTestType   = "ha_status"
	SealStatusTestType = "seal_status"
	MetricsTestType    = "metrics"
	StatusTestMethod   = "GET"
)
View Source 
const (
	VaultBenchmarkEnvVarPrefix = "VAULT_BENCHMARK_"
)

Variables

View Source 
var (
	ErrIsDirectory = errors.New("location is a directory, not a file")
)
View Source 
var (
	TestList = make(map[string]func() BenchmarkBuilder)
)

Functions

func GenerateCert 

func GenerateCert(caCertTemplate *x509.Certificate, caSigner crypto.Signer) (string, string, error)

GenerateCert creates a new leaf cert from provided CA template and signer

func IsFile 

func IsFile(path string) (bool, error)

Types

type ApproleAuth 

type ApproleAuth struct {
	// contains filtered or unexported fields
}

Approle Auth Test Struct

func (*ApproleAuth) Cleanup 

func (a *ApproleAuth) Cleanup(client *api.Client) error

func (*ApproleAuth) Flags 

func (l *ApproleAuth) Flags(fs *flag.FlagSet)

func (*ApproleAuth) GetTargetInfo 

func (a *ApproleAuth) GetTargetInfo() TargetInfo

func (*ApproleAuth) ParseConfig 

func (a *ApproleAuth) ParseConfig(body hcl.Body) error

ParseConfig parses the passed in hcl.Body into Configuration structs for use during test configuration in Vault. Any default configuration definitions for required parameters will be set here.

func (*ApproleAuth) Setup 

func (a *ApproleAuth) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*ApproleAuth) Target 

func (a *ApproleAuth) Target(client *api.Client) vegeta.Target

type ApproleAuthTestConfig 

type ApproleAuthTestConfig struct {
	RoleConfig     *RoleConfig     `hcl:"role,block"`
	SecretIDConfig *SecretIDConfig `hcl:"secret_id,block"`
}

Intermediary struct to assist with HCL decoding

type ApproleTestConfig 

type ApproleTestConfig struct {
	Config *ApproleAuthTestConfig `hcl:"config,block"`
}

Main Config Struct

type BenchmarkBuilder 

type BenchmarkBuilder interface {
	// Target generates and returns a vegeta.Target struct which is used for the attack
	Target(client *api.Client) vegeta.Target

	// Setup uses the passed in client and configuration to create the necessary test resources
	// in Vault, and retrieve any necessary information needed to perform the test itself. Setup
	// returns a test struct type which satisfies this BenchmarkBuilder interface.
	Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

	// Cleanup uses the passed in client to clean up any created resources used as part of the test
	Cleanup(client *api.Client) error

	// ParseConfig accepts an hcl.Body and parses it into the underlying test struct
	ParseConfig(body hcl.Body) error

	// GetTargetInfo retrieves specific Target information required to pass on to Attack
	GetTargetInfo() TargetInfo

	// Flags allows tests to define flags in the passed in command flag set
	Flags(fs *flag.FlagSet)
}

type BenchmarkTarget 

type BenchmarkTarget struct {
	Builder    BenchmarkBuilder
	Target     func(*api.Client) vegeta.Target
	Remain     hcl.Body `hcl:",remain"`
	Type       string   `hcl:"type,label"`
	Name       string   `hcl:"name,label"`
	MountName  string   `hcl:"mount_name,optional"`
	Method     string
	PathPrefix string
	Weight     int `hcl:"weight,optional"`
}

func (*BenchmarkTarget) ConfigureTarget 

func (bt *BenchmarkTarget) ConfigureTarget(client *api.Client)

type CaCert 

type CaCert struct {
	PEM      string
	Template *x509.Certificate
	Signer   crypto.Signer
}

func GenerateCA 

func GenerateCA() (*CaCert, error)

GenerateCA generates a new self-signed CA cert and returns a CaCert struct containing the PEM encoded cert, X509 Certificate Template, and crypto.Signer

type CassandraDBConfig 

type CassandraDBConfig struct {
	Name                   string   `hcl:"name,optional"`
	PluginName             string   `hcl:"plugin_name,optional"`
	PluginVersion          string   `hcl:"plugin_version,optional"`
	VerifyConnection       *bool    `hcl:"verify_connection"`
	AllowedRoles           []string `hcl:"allowed_roles,optional"`
	RootRotationStatements []string `hcl:"root_rotation_statements,optional"`
	PasswordPolicy         string   `hcl:"password_policy,optional"`
	Hosts                  string   `hcl:"hosts"`
	Port                   int      `hcl:"port,optional"`
	ProtocolVersion        int      `hcl:"protocol_version"`
	Username               string   `hcl:"username,optional"`
	Password               string   `hcl:"password,optional"`
	TLS                    *bool    `hcl:"tls,optional"`
	InsecureTLS            bool     `hcl:"insecure_tls,optional"`
	PEMBundle              string   `hcl:"pem_bundle,optional"`
	TLSServerName          string   `hcl:"tls_server_name,optional"`
	PEMhcl                 string   `hcl:"pem_hcl,optional"`
	SkipVerification       bool     `hcl:"skip_verification,optional"`
	ConnectTimeout         string   `hcl:"connect_timeout,optional"`
	LocalDatacenter        string   `hcl:"local_datacenter,optional"`
	SocketKeepAlive        string   `hcl:"socket_keep_alive,optional"`
	Consistency            string   `hcl:"consistency,optional"`
	UsernameTemplate       string   `hcl:"username_template,optional"`
}

Cassandra DB Config

type CassandraRoleConfig 

type CassandraRoleConfig struct {
	Name                   string   `hcl:"name,optional"`
	DBName                 string   `hcl:"db_name,optional"`
	DefaultTTL             string   `hcl:"default_ttl,optional"`
	MaxTTL                 string   `hcl:"max_ttl,optional"`
	CreationStatements     []string `hcl:"creation_statements"`
	RevocationStatements   []string `hcl:"revocation_statements,optional"`
	RollbackStatements     []string `hcl:"rollback_statements,optional"`
	RootRotationStatements []string `hcl:"root_rotation_statements,optional"`
}

Cassandra Role Config

type CassandraSecret 

type CassandraSecret struct {
	// contains filtered or unexported fields
}

Cassandra Secret Test Struct

func (*CassandraSecret) Cleanup 

func (c *CassandraSecret) Cleanup(client *api.Client) error

func (*CassandraSecret) Flags 

func (c *CassandraSecret) Flags(fs *flag.FlagSet)

func (*CassandraSecret) GetTargetInfo 

func (c *CassandraSecret) GetTargetInfo() TargetInfo

func (*CassandraSecret) ParseConfig 

func (c *CassandraSecret) ParseConfig(body hcl.Body) error

ParseConfig parses the passed in hcl.Body into Configuration structs for use during test configuration in Vault. Any default configuration definitions for required parameters will be set here.

func (*CassandraSecret) Setup 

func (c *CassandraSecret) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*CassandraSecret) Target 

func (c *CassandraSecret) Target(client *api.Client) vegeta.Target

type CassandraSecretTestConfig 

type CassandraSecretTestConfig struct {
	CassandraDBConfig   *CassandraDBConfig   `hcl:"db_connection,block"`
	CassandraRoleConfig *CassandraRoleConfig `hcl:"role,block"`
}

Intermediary struct to assist with HCL decoding

type CassandraTestConfig 

type CassandraTestConfig struct {
	Config *CassandraSecretTestConfig `hcl:"config,block"`
}

Main Config Struct

type CertAuth 

type CertAuth struct {
	// contains filtered or unexported fields
}

func (*CertAuth) Cleanup 

func (c *CertAuth) Cleanup(client *api.Client) error

func (*CertAuth) Flags 

func (c *CertAuth) Flags(fs *flag.FlagSet)

func (*CertAuth) GetTargetInfo 

func (c *CertAuth) GetTargetInfo() TargetInfo

func (*CertAuth) ParseConfig 

func (c *CertAuth) ParseConfig(body hcl.Body) error

func (*CertAuth) Setup 

func (c *CertAuth) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*CertAuth) Target 

func (c *CertAuth) Target(client *api.Client) vegeta.Target

type CertAuthRoleConfig 

type CertAuthRoleConfig struct {
	Name                       string   `hcl:"name,optional"`
	Certificate                string   `hcl:"certificate,optional"`
	AllowedNames               string   `hcl:"allowed_names,optional"`
	AllowedCommonNames         []string `hcl:"allowed_common_names,optional"`
	AllowedDNSSANS             []string `hcl:"allowed_dns_sans,optional"`
	AllowedEmailSANS           []string `hcl:"allowed_email_sans,optional"`
	AllowedURISANS             []string `hcl:"allowed_uri_sans,optional"`
	AllowedOrganizationalUnits []string `hcl:"allowed_organizational_units,optional"`
	RequiredExtensions         []string `hcl:"required_extensions,optional"`
	AllowedMetadataExtensions  []string `hcl:"allowed_metadata_extensions,optional"`
	DisplayName                string   `hcl:"display_name,optional"`
	TokenTTL                   string   `hcl:"token_ttl,optional"`
	TokenMaxTTL                string   `hcl:"token_max_ttl,optional"`
	TokenPolicies              []string `hcl:"token_policies,optional"`
	Policies                   []string `hcl:"policies,optional"`
	TokenBoundCIDRs            []string `hcl:"token_bound_cidrs,optional"`
	TokenExplicitMaxTTL        string   `hcl:"token_explicit_max_ttl,optional"`
	TokenNoDefaultPolicy       bool     `hcl:"token_no_default_policy,optional"`
	TokenNumUses               int      `hcl:"token_num_uses,optional"`
	TokenPeriod                string   `hcl:"token_period,optional"`
	TokenType                  string   `hcl:"token_type,optional"`
}

Cert Auth Role Config

type CertAuthTestConfig 

type CertAuthTestConfig struct {
	Config *CertAuthRoleConfig `hcl:"config,block"`
}

Main config struct

type ConsulConfig 

type ConsulConfig struct {
	Address    string `hcl:"address"`
	Scheme     string `hcl:"scheme,optional"`
	Token      string `hcl:"token,optional"`
	CaCert     string `hcl:"ca_cert,optional"`
	ClientCert string `hcl:"client_cert,optional"`
	ClientKey  string `hcl:"client_key,optional"`
}

type ConsulRoleConfig 

type ConsulRoleConfig struct {
	Partition         string   `hcl:"partition,optional"`
	NodeIdentities    []string `hcl:"node_identities,optional"`
	ConsulNamespace   string   `hcl:"consul_namespace,optional"`
	ServiceIdentities []string `hcl:"service_identities,optional"`
	ConsulRoles       []string `hcl:"consul_roles,optional"`
	Name              string   `hcl:"name,optional"`
	TokenType         string   `hcl:"token_type,optional"`
	Policy            string   `hcl:"policy,optional"`
	Policies          []string `hcl:"policies,optional"`
	ConsulPolicies    []string `hcl:"consul_policies,optional"`
	Local             bool     `hcl:"local,optional"`
	TTL               string   `hcl:"ttl,optional"`
	MaxTTL            string   `hcl:"max_ttl,optional"`
	Lease             string   `hcl:"lease,optional"`
}

type ConsulSecretTestConfig 

type ConsulSecretTestConfig struct {
	Version          string            `hcl:"version,optional"`
	ConsulConfig     *ConsulConfig     `hcl:"consul,block"`
	ConsulRoleConfig *ConsulRoleConfig `hcl:"role,block"`
}

type ConsulTest 

type ConsulTest struct {
	// contains filtered or unexported fields
}

func (*ConsulTest) Cleanup 

func (c *ConsulTest) Cleanup(client *api.Client) error

func (*ConsulTest) Flags 

func (c *ConsulTest) Flags(fs *flag.FlagSet)

func (*ConsulTest) GetTargetInfo 

func (c *ConsulTest) GetTargetInfo() TargetInfo

func (*ConsulTest) ParseConfig 

func (c *ConsulTest) ParseConfig(body hcl.Body) error

func (*ConsulTest) Setup 

func (c *ConsulTest) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*ConsulTest) Target 

func (c *ConsulTest) Target(client *api.Client) vegeta.Target

type ConsulTestConfig 

type ConsulTestConfig struct {
	Config *ConsulSecretTestConfig `hcl:"config,block"`
}

type CouchBaseSecretConfig 

type CouchBaseSecretConfig struct {
	Config *CouchBaseTestConfig `hcl:"config,block"`
}

type CouchBaseTestConfig 

type CouchBaseTestConfig struct {
	DBConfig   *CouchbaseConfig     `hcl:"db_connection,block"`
	RoleConfig *CouchbaseRoleConfig `hcl:"role,block"`
}

type CouchbaseConfig 

type CouchbaseConfig struct {
	// Common
	Name             string   `hcl:"name,optional"`
	PluginName       string   `hcl:"plugin_name,optional"`
	PluginVersion    string   `hcl:"plugin_version,optional"`
	VerifyConnection *bool    `hcl:"verify_connection,optional"`
	AllowedRoles     []string `hcl:"allowed_roles,optional"`
	PasswordPolicy   string   `hcl:"password_policy,optional"`
	Username         string   `hcl:"username,optional"`
	Password         string   `hcl:"password,optional"`
	DisableEscaping  bool     `hcl:"disable_escaping,optional"`

	// Couchbase Specific
	Hosts            string `hcl:"hosts"`
	TLS              bool   `hcl:"tls,optional"`
	InsecureTLS      bool   `hcl:"insecure_tls,optional"`
	UsernameTemplate string `hcl:"username_template,optional"`
	Base64PEM        string `hcl:"base64pem,optional"`
	BucketName       string `hcl:"bucket_name"`
}

type CouchbaseRoleConfig 

type CouchbaseRoleConfig struct {
	Name               string   `hcl:"name,optional"`
	DBName             string   `hcl:"db_name,optional"`
	DefaultTTL         string   `hcl:"default_ttl,optional"`
	MaxTTL             string   `hcl:"max_ttl,optional"`
	CreationStatements []string `hcl:"creation_statements,optional"`
}

type CouchbaseSecretTest 

type CouchbaseSecretTest struct {
	// contains filtered or unexported fields
}

func (*CouchbaseSecretTest) Cleanup 

func (c *CouchbaseSecretTest) Cleanup(client *api.Client) error

func (*CouchbaseSecretTest) Flags 

func (c *CouchbaseSecretTest) Flags(fs *flag.FlagSet)

func (*CouchbaseSecretTest) GetTargetInfo 

func (c *CouchbaseSecretTest) GetTargetInfo() TargetInfo

func (*CouchbaseSecretTest) ParseConfig 

func (c *CouchbaseSecretTest) ParseConfig(body hcl.Body) error

func (*CouchbaseSecretTest) Setup 

func (c *CouchbaseSecretTest) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*CouchbaseSecretTest) Target 

func (c *CouchbaseSecretTest) Target(client *api.Client) vegeta.Target

type ElasticSearchConfig 

type ElasticSearchConfig struct {
	Name                   string   `hcl:"name,optional"`
	PluginName             string   `hcl:"plugin_name,optional"`
	PluginVersion          string   `hcl:"plugin_version,optional"`
	VerifyConnectioon      *bool    `hcl:"verify_connection,optional"`
	AllowedRoles           []string `hcl:"allowed_roles,optional"`
	RootRotationStatements []string `hcl:"root_rotation_statements,optional"`
	PasswordPolicy         string   `hcl:"password_policy,optional"`
	URL                    string   `hcl:"url"`
	Username               string   `hcl:"username,optional"`
	Password               string   `hcl:"password,optional"`
	CACert                 string   `hcl:"ca_cert,optional"`
	CAPath                 string   `hcl:"ca_path,optional"`
	ClientCert             string   `hcl:"client_cert,optional"`
	ClientKey              string   `hcl:"client_key,optional"`
	TLSServerName          string   `hcl:"tls_server_name,optional"`
	Insecure               bool     `hcl:"insecure,optional"`
	UsernameTemplate       string   `hcl:"username_template,optional"`
	UseOldXPack            bool     `hcl:"use_old_xpack,optional"`
}

type ElasticSearchRoleConfig 

type ElasticSearchRoleConfig struct {
	RoleName           string   `hcl:"name,optional"`
	DBName             string   `hcl:"db_name,optional"`
	DefaultTTL         string   `hcl:"default_ttl,optional"`
	MaxTTL             string   `hcl:"max_ttl,optional"`
	CreationStatements []string `hcl:"creation_statements,optional"`
}

type ElasticSearchSecretTestConfig 

type ElasticSearchSecretTestConfig struct {
	ElasticSearchConfig     *ElasticSearchConfig     `hcl:"db_connection,block"`
	ElasticSearchRoleConfig *ElasticSearchRoleConfig `hcl:"role,block"`
}

type ElasticSearchTest 

type ElasticSearchTest struct {
	// contains filtered or unexported fields
}

func (*ElasticSearchTest) Cleanup 

func (e *ElasticSearchTest) Cleanup(client *api.Client) error

func (*ElasticSearchTest) Flags 

func (e *ElasticSearchTest) Flags(fs *flag.FlagSet)

func (*ElasticSearchTest) GetTargetInfo 

func (e *ElasticSearchTest) GetTargetInfo() TargetInfo

func (*ElasticSearchTest) ParseConfig 

func (e *ElasticSearchTest) ParseConfig(body hcl.Body) error

func (*ElasticSearchTest) Setup 

func (e *ElasticSearchTest) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*ElasticSearchTest) Target 

func (e *ElasticSearchTest) Target(client *api.Client) vegeta.Target

type ElasticSearchTestConfig 

type ElasticSearchTestConfig struct {
	Config *ElasticSearchSecretTestConfig `hcl:"config,block"`
}

type JWTAuth 

type JWTAuth struct {
	// contains filtered or unexported fields
}

JWT Auth Test Struct

func (*JWTAuth) Cleanup 

func (j *JWTAuth) Cleanup(client *api.Client) error

func (*JWTAuth) Flags 

func (j *JWTAuth) Flags(fs *flag.FlagSet)

func (*JWTAuth) GetTargetInfo 

func (j *JWTAuth) GetTargetInfo() TargetInfo

func (*JWTAuth) ParseConfig 

func (j *JWTAuth) ParseConfig(body hcl.Body) error

ParseConfig parses the passed in hcl.Body into Configuration structs for use during test configuration in Vault. Any default configuration definitions for required parameters will be set here.

func (*JWTAuth) Setup 

func (j *JWTAuth) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*JWTAuth) Target 

func (j *JWTAuth) Target(client *api.Client) vegeta.Target

type JWTAuthConfig 

type JWTAuthConfig struct {
	OIDCDiscoveryUrl     string   `hcl:"oidc_discovery_url,optional"`
	OIDCDiscoveryCaPEM   string   `hcl:"oidc_discovery_ca_pem,optional"`
	OIDCClientId         string   `hcl:"oidc_client_id,optional"`
	OIDCClientSecret     string   `hcl:"oidc_client_secret,optional"`
	OIDCResponseMode     string   `hcl:"oidc_response_mode,optional"`
	OIDCResponseTypes    []string `hcl:"oidc_response_types,optional"`
	JWKSUrl              string   `hcl:"jwks_url,optional"`
	JWKSCaPEM            string   `hcl:"jwks_ca_pem,optional"`
	JWTValidationPubKeys []string `hcl:"jwt_validation_pubkeys,optional"`
	BoundIssuer          string   `hcl:"bound_issuer,optional"`
	JWTSupportedAlgs     []string `hcl:"jwt_supported_algs,optional"`
	DefaultRole          string   `hcl:"default_role,optional"`
	ProviderConfig       string   `hcl:"provider_config,optional"`
	NamespaceInState     *bool    `hcl:"namespace_in_state,optional"`
}

JWT Auth Config

type JWTAuthTestConfig 

type JWTAuthTestConfig struct {
	JWTAuthConfig *JWTAuthConfig `hcl:"auth,block"`
	JWTRoleConfig *JWTRoleConfig `hcl:"role,block"`
}

Intermediary struct to assist with HCL decoding

type JWTRoleConfig 

type JWTRoleConfig struct {
	Name                 string                 `hcl:"name,optional"`
	RoleType             string                 `hcl:"role_type,optional"`
	BoundAudiences       []string               `hcl:"bound_audiences,optional"`
	UserClaim            string                 `hcl:"user_claim,optional"`
	UserClaimJSONPointer string                 `hcl:"user_claim_json_pointer,optional"`
	ClockSkewLeeway      int                    `hcl:"clock_skew_leeway,optional"`
	ExpirationLeeway     int                    `hcl:"expiration_leeway,optional"`
	NotBeforeLeeway      int                    `hcl:"not_before_leeway,optional"`
	BoundSubject         string                 `hcl:"bound_subject,optional"`
	BoundClaims          map[string]interface{} `hcl:"bound_claims,optional"`
	BoundClaimsType      string                 `hcl:"bound_claims_type,optional"`
	GroupsClaim          string                 `hcl:"groups_claim,optional"`
	ClaimMappings        map[string]string      `hcl:"claim_mappings,optional"`
	OIDCScopes           []string               `hcl:"oidc_scopes,optional"`
	AllowedRedirectUris  []string               `hcl:"allowed_redirect_uris,optional"`
	VerboseOIDCLogging   bool                   `hcl:"verbose_oidc_logging,optional"`
	MaxAge               int                    `hcl:"max_age,optional"`
	TokenTTL             string                 `hcl:"token_ttl,optional"`
	TokenMaxTTL          string                 `hcl:"token_max_ttl,optional"`
	TokenPolicies        []string               `hcl:"token_policies,optional"`
	Policies             []string               `hcl:"policies,optional"`
	TokenBoundCidrs      []string               `hcl:"token_bound_cidrs,optional"`
	TokenExplicitMaxTTL  string                 `hcl:"token_explicit_max_ttl,optional"`
	TokenNoDefaultPolicy bool                   `hcl:"token_no_default_policy,optional"`
	TokenNumUses         int                    `hcl:"token_num_uses,optional"`
	TokenPeriod          string                 `hcl:"token_period,optional"`
	TokenType            string                 `hcl:"token_type,optional"`
}

JWT Role Config

type JWTTestConfig 

type JWTTestConfig struct {
	Config *JWTAuthTestConfig `hcl:"config,block"`
}

Main Config Struct

type KVV1Config 

type KVV1Config struct {
	KVSize int `hcl:"kvsize,optional"`
	NumKVs int `hcl:"numkvs,optional"`
}

type KVV1Test 

type KVV1Test struct {
	// contains filtered or unexported fields
}

func (*KVV1Test) Cleanup 

func (k *KVV1Test) Cleanup(client *api.Client) error

func (*KVV1Test) Flags 

func (k *KVV1Test) Flags(fs *flag.FlagSet)

func (*KVV1Test) GetTargetInfo 

func (k *KVV1Test) GetTargetInfo() TargetInfo

func (*KVV1Test) ParseConfig 

func (k *KVV1Test) ParseConfig(body hcl.Body) error

func (*KVV1Test) Setup 

func (k *KVV1Test) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*KVV1Test) Target 

func (k *KVV1Test) Target(client *api.Client) vegeta.Target

type KVV1TestConfig 

type KVV1TestConfig struct {
	Config *KVV1Config `hcl:"config,block"`
}

type KVV2Config 

type KVV2Config struct {
	KVSize int `hcl:"kvsize,optional"`
	NumKVs int `hcl:"numkvs,optional"`
}

type KVV2Test 

type KVV2Test struct {
	// contains filtered or unexported fields
}

func (*KVV2Test) Cleanup 

func (k *KVV2Test) Cleanup(client *api.Client) error

func (*KVV2Test) Flags 

func (k *KVV2Test) Flags(fs *flag.FlagSet)

func (*KVV2Test) GetTargetInfo 

func (k *KVV2Test) GetTargetInfo() TargetInfo

func (*KVV2Test) ParseConfig 

func (k *KVV2Test) ParseConfig(body hcl.Body) error

func (*KVV2Test) Setup 

func (k *KVV2Test) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*KVV2Test) Target 

func (k *KVV2Test) Target(client *api.Client) vegeta.Target

type KVV2TestConfig 

type KVV2TestConfig struct {
	Config *KVV2Config `hcl:"config,block"`
}

type KubeAuth 

type KubeAuth struct {
	// contains filtered or unexported fields
}

func (*KubeAuth) Cleanup 

func (k *KubeAuth) Cleanup(client *api.Client) error

func (*KubeAuth) Flags 

func (k *KubeAuth) Flags(fs *flag.FlagSet)

Func Flags accepts a flag set to assign additional flags defined in the function

func (*KubeAuth) GetTargetInfo 

func (k *KubeAuth) GetTargetInfo() TargetInfo

func (*KubeAuth) ParseConfig 

func (k *KubeAuth) ParseConfig(body hcl.Body) error

func (*KubeAuth) Setup 

func (k *KubeAuth) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*KubeAuth) Target 

func (k *KubeAuth) Target(client *api.Client) vegeta.Target

type KubeAuthConfig 

type KubeAuthConfig struct {
	KubernetesHost    string   `hcl:"kubernetes_host"`
	KubernetesCACert  string   `hcl:"kubernetes_ca_cert,optional"`
	TokenReviewerJWT  string   `hcl:"token_reviewer_jwt,optional"`
	PEMKeys           []string `hcl:"pem_keys,optional"`
	DisableLocalCAJWT bool     `hcl:"disable_local_ca_jwt,optional"`

	// Deprecated Parameters (Including for older versions of Vault)
	DisableISSValidation bool   `hcl:"disable_iss_validation,optional"`
	Issuer               string `hcl:"issuer,optional"`
}

type KubeAuthTestConfig 

type KubeAuthTestConfig struct {
	KubeAuthConfig     *KubeAuthConfig     `hcl:"auth,block"`
	KubeTestRoleConfig *KubeTestRoleConfig `hcl:"role,block"`
}

type KubeTestConfig 

type KubeTestConfig struct {
	Config *KubeAuthTestConfig `hcl:"config,block"`
}

type KubeTestRoleConfig 

type KubeTestRoleConfig struct {
	Name                          string   `hcl:"name"`
	BoundServiceAccountNames      []string `hcl:"bound_service_account_names"`
	BoundServiceAccountNamespaces []string `hcl:"bound_service_account_namespaces"`
	Audience                      string   `hcl:"audience,optional"`
	AliasNameSource               string   `hcl:"alias_name_source,optional"`
	TokenTTL                      string   `hcl:"token_ttl,optional"`
	TokenMaxTTL                   string   `hcl:"token_max_ttl,optional"`
	TokenPolicies                 []string `hcl:"token_policies,optional"`
	TokenBoundCIDRs               []string `hcl:"token_bound_cidrs,optional"`
	TokenExplicitMaxTTL           string   `hcl:"token_explicit_max_ttl,optional"`
	TokenNoDefaultPolicy          bool     `hcl:"token_no_default_policy,optional"`
	TokenNumUses                  int      `hcl:"token_num_uses,optional"`
	TokenPeriod                   string   `hcl:"token_period,optional"`
	TokenType                     string   `hcl:"token_type,optional"`
}

type LDAPAuth 

type LDAPAuth struct {
	// contains filtered or unexported fields
}

func (*LDAPAuth) Cleanup 

func (l *LDAPAuth) Cleanup(client *api.Client) error

func (*LDAPAuth) Flags 

func (l *LDAPAuth) Flags(fs *flag.FlagSet)

Func Flags accepts a flag set to assign additional flags defined in the function

func (*LDAPAuth) GetTargetInfo 

func (l *LDAPAuth) GetTargetInfo() TargetInfo

func (*LDAPAuth) ParseConfig 

func (l *LDAPAuth) ParseConfig(body hcl.Body) error

func (*LDAPAuth) Setup 

func (l *LDAPAuth) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*LDAPAuth) Target 

func (l *LDAPAuth) Target(client *api.Client) vegeta.Target

type LDAPAuthConfig 

type LDAPAuthConfig struct {
	URL                  string   `hcl:"url"`
	CaseSensitiveNames   bool     `hcl:"case_sensitive_names,optional"`
	RequestTimeout       int      `hcl:"request_timeout,optional"`
	StartTLS             bool     `hcl:"starttls,optional"`
	TLSMinVersion        string   `hcl:"tls_min_version,optional"`
	TLSMaxVersion        string   `hcl:"tls_max_version,optional"`
	InsecureTLS          bool     `hcl:"insecure_tls,optional"`
	Certificate          string   `hcl:"certificate,optional"`
	ClientTLSCert        string   `hcl:"client_tls_cert,optional"`
	ClientTLSKey         string   `hcl:"client_tls_key,optional"`
	BindDN               string   `hcl:"binddn,optional"`
	BindPass             string   `hcl:"bindpass,optional"`
	UserDN               string   `hcl:"userdn,optional"`
	UserAttr             string   `hcl:"userattr,optional"`
	DiscoverDN           string   `hcl:"discoverdn,optional"`
	DenyNullBind         *bool    `hcl:"deny_null_bind,optional"`
	UPNDomain            string   `hcl:"upndomain,optional"`
	UserFilter           string   `hcl:"userfilter,optional"`
	AnonymousGroupSearch bool     `hcl:"anonymous_group_search,optional"`
	GroupFilter          string   `hcl:"groupfilter,optional"`
	GroupDN              string   `hcl:"groupdn,optional"`
	GroupAttr            string   `hcl:"groupattr,optional"`
	UsernameAsAlias      bool     `hcl:"username_as_alias,optional"`
	TokenTTL             int      `hcl:"token_ttl,optional"`
	TokenMaxTTL          int      `hcl:"token_max_ttl,optional"`
	TokenPolicies        []string `hcl:"token_policies,optional"`
	TokenBoundCIDRs      []string `hcl:"token_bound_cidrs,optional"`
	TokenExplicitMaxTTL  int      `hcl:"token_explicit_max_ttl,optional"`
	TokenNoDefaultPolicy bool     `hcl:"token_no_default_policy,optional"`
	TokenNumUses         int      `hcl:"token_num_uses,optional"`
	TokenPeriod          string   `hcl:"token_period,optional"`
	TokenType            string   `hcl:"token_type,optional"`
}

type LDAPAuthTestConfig 

type LDAPAuthTestConfig struct {
	LDAPAuthConfig     *LDAPAuthConfig     `hcl:"auth,block"`
	LDAPTestUserConfig *LDAPTestUserConfig `hcl:"test_user,block"`
}

type LDAPTestConfig 

type LDAPTestConfig struct {
	Config *LDAPAuthTestConfig `hcl:"config,block"`
}

type LDAPTestUserConfig 

type LDAPTestUserConfig struct {
	Username string `hcl:"username,optional"`
	Password string `hcl:"password,optional"`
}

type MSSQLDBConfig 

type MSSQLDBConfig struct {
	Name                   string   `hcl:"name,optional"`
	PluginName             string   `hcl:"plugin_name,optional"`
	PluginVersion          string   `hcl:"plugin_version,optional"`
	VerifyConnection       *bool    `hcl:"verify_connection,optional"`
	AllowedRoles           []string `hcl:"allowed_roles,optional"`
	RootRotationStatements []string `hcl:"root_rotation_statements,optional"`
	PasswordPolicy         string   `hcl:"password_policy,optional"`
	ConnectionURL          string   `hcl:"connection_url"`
	Username               string   `hcl:"username,optional"`
	Password               string   `hcl:"password,optional"`
	DisableEscaping        bool     `hcl:"disable_escaping,optional"`
	MaxOpenConnections     int      `hcl:"max_open_connections,optional"`
	MaxIdleConnections     int      `hcl:"max_idle_connections,optional"`
	MaxConnectionLifetime  string   `hcl:"max_connection_lifetime,optional"`
	UsernameTemplate       string   `hcl:"username_template,optional"`
	ContainedDB            bool     `hcl:"contained_db,optional"`
}

MSSQL DB Config

type MSSQLRoleConfig 

type MSSQLRoleConfig struct {
	Name                 string `hcl:"name,optional"`
	DBName               string `hcl:"db_name,optional"`
	DefaultTTL           string `hcl:"default_ttl,optional"`
	MaxTTL               string `hcl:"max_ttl,optional"`
	CreationStatements   string `hcl:"creation_statements"`
	RevocationStatements string `hcl:"revocation_statements,optional"`
}

MSSQL Role Config

type MSSQLSecret 

type MSSQLSecret struct {
	// contains filtered or unexported fields
}

Postgres Secret Test Struct

func (*MSSQLSecret) Cleanup 

func (m *MSSQLSecret) Cleanup(client *api.Client) error

func (*MSSQLSecret) Flags 

func (m *MSSQLSecret) Flags(fs *flag.FlagSet)

func (*MSSQLSecret) GetTargetInfo 

func (m *MSSQLSecret) GetTargetInfo() TargetInfo

func (*MSSQLSecret) ParseConfig 

func (m *MSSQLSecret) ParseConfig(body hcl.Body) error

ParseConfig parses the passed in hcl.Body into Configuration structs for use during test configuration in Vault. Any default configuration definitions for required parameters will be set here.

func (*MSSQLSecret) Setup 

func (m *MSSQLSecret) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*MSSQLSecret) Target 

func (m *MSSQLSecret) Target(client *api.Client) vegeta.Target

type MSSQLSecretTestConfig 

type MSSQLSecretTestConfig struct {
	MSSQLDBConfig   *MSSQLDBConfig   `hcl:"db_connection,block"`
	MSSQLRoleConfig *MSSQLRoleConfig `hcl:"role,block"`
}

Intermediary struct to assist with HCL decoding

type MSSQLTestConfig 

type MSSQLTestConfig struct {
	Config *MSSQLSecretTestConfig `hcl:"config,block"`
}

Main Config Struct

type MongoDBConfig 

type MongoDBConfig struct {
	Name              string   `hcl:"name,optional"`
	PluginName        string   `hcl:"plugin_name,optional"`
	PluginVersion     string   `hcl:"plugin_version,optional"`
	VerifyConnection  *bool    `hcl:"verify_connection"`
	AllowedRoles      []string `hcl:"allowed_roles,optional"`
	ConnectionURL     string   `hcl:"connection_url"`
	WriteConcern      string   `hcl:"write_concern,optional"`
	Username          string   `hcl:"username,optional"`
	Password          string   `hcl:"password,optional"`
	TLSCertificateKey string   `hcl:"tls_certificate_key,optional"`
	TLSCA             string   `hcl:"tls_ca,optional"`
	UsernameTemplate  string   `hcl:"username_template,optional"`
}

type MongoDBRoleConfig 

type MongoDBRoleConfig struct {
	Name                 string `hcl:"name,optional"`
	DBName               string `hcl:"db_name,optional"`
	DefaultTTL           string `hcl:"default_ttl,optional"`
	MaxTTL               string `hcl:"max_ttl,optional"`
	CreationStatements   string `hcl:"creation_statements,optional"`
	RevocationStatements string `hcl:"revocation_statements,optional"`
}

type MongoDBSecretTestConfig 

type MongoDBSecretTestConfig struct {
	MongoDBConfig     *MongoDBConfig     `hcl:"db_connection,block"`
	MongoDBRoleConfig *MongoDBRoleConfig `hcl:"role,block"`
}

type MongoDBTest 

type MongoDBTest struct {
	// contains filtered or unexported fields
}

func (*MongoDBTest) Cleanup 

func (m *MongoDBTest) Cleanup(client *api.Client) error

func (*MongoDBTest) Flags 

func (m *MongoDBTest) Flags(fs *flag.FlagSet)

func (*MongoDBTest) GetTargetInfo 

func (m *MongoDBTest) GetTargetInfo() TargetInfo

func (*MongoDBTest) ParseConfig 

func (m *MongoDBTest) ParseConfig(body hcl.Body) error

func (*MongoDBTest) Setup 

func (m *MongoDBTest) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*MongoDBTest) Target 

func (m *MongoDBTest) Target(client *api.Client) vegeta.Target

type MongoDBTestConfig 

type MongoDBTestConfig struct {
	Config *MongoDBSecretTestConfig `hcl:"config,block"`
}

type PKIIssueCertConfig 

type PKIIssueCertConfig struct {
	Name              string `hcl:"name,optional"`
	CommonName        string `hcl:"common_name,optional"`
	AltNames          string `hcl:"alt_names,optional"`
	IPSANS            string `hcl:"ip_sans,optional"`
	URISANS           string `hcl:"uri_sans,optional"`
	OtherSANS         string `hcli:"other_sans,optional"`
	TTL               string `hcl:"ttl,optional"`
	Format            string `hcl:"format,optional"`
	PrivateKeyFormat  string `hcl:"private_key_format,optional"`
	ExcludeCNFromSANS bool   `hcl:"exclude_cn_from_sans,optional"`
	NotAfter          string `hcl:"not_after,optional"`
	UserIDs           string `hcl:"user_ids,optional"`
}

PKIIssueCertConfig is the configuration for the cert to be issued

/pki/issue/:name

type PKIIssueIntCAConfig 

type PKIIssueIntCAConfig struct {
	CSR                 string `hcl:"csr,optional"`
	CommonName          string `hcl:"common_name,optional"`
	AltNames            string `hcl:"alt_names,optional"`
	IPSANS              string `hcl:"ip_sans,optional"`
	URISANS             string `hcl:"uri_sans,optional"`
	OtherSANS           string `hcl:"other_sans,optional"`
	TTL                 string `hcl:"ttl,optional"`
	Format              string `hcl:"format,optional"`
	MaxPathLength       int    `hcl:"max_path_length,optional"`
	UseCSRValues        bool   `hcl:"use_csr_values,optional"`
	PermittedDNSDomains string `hcl:"permitted_dns_domains,optional"`
	OU                  string `hcl:"ou,optional"`
	Organization        string `hcl:"organization,optional"`
	Country             string `hcl:"country,optional"`
	Locality            string `hcl:"locality,optional"`
	Province            string `hcl:"province,optional"`
	StreetAddress       string `hcl:"street_address,optional"`
	PostalCode          string `hcl:"postal_code,optional"`
	SerialNumber        string `hcl:"serial_number,optional"`
	NotBeforeDuration   string `hcl:"not_before_duration,optional"`
	NotAfter            string `hcl:"not_after,optional"`
	SignatureBits       int    `hcl:"signature_bits,optional"`
	SKID                string `hcl:"skid,optional"`
	UsePSS              bool   `hcl:"use_pss,optional"`
}

PKIIssueIntCAConfig is the configuration for the signing operation of the intermediate CA CSR.

/pki/root/sign-intermediate

type PKIIssueIntCSRConfig 

type PKIIssueIntCSRConfig struct {
	Type                string `hcl:"type,optional"`
	CommonName          string `hcl:"common_name,optional"`
	AltNames            string `hcl:"alt_names,optional"`
	IPSANS              string `hcl:"ip_sans,optional"`
	URISANS             string `hcl:"uri_sans,optional"`
	OtherSANS           string `hcl:"other_sans,optional"`
	Format              string `hcl:"format,optional"`
	PrivateKeyFormat    string `hcl:"private_key_format,optional"`
	KeyType             string `hcl:"key_type,optional"`
	KeyBits             int    `hcl:"key_bits,optional"`
	KeyName             string `hcl:"key_name,optional"`
	KeyRef              string `hcl:"key_ref,optional"`
	SignatureBits       int    `hcl:"signature_bits,optional"`
	ExcludeCNFromSANS   bool   `hcl:"exclude_cn_from_sans,optional"`
	OU                  string `hcl:"ou,optional"`
	Organization        string `hcl:"organization,optional"`
	Country             string `hcl:"country,optional"`
	Locality            string `hcl:"locality,optional"`
	Province            string `hcl:"province,optional"`
	StreetAddress       string `hcl:"street_address,optional"`
	PostalCode          string `hcl:"postal_code,optional"`
	SerialNumber        string `hcl:"serial_number,optional"`
	AddBasicConstraints bool   `hcl:"add_basic_constraints,optional"`
	ManagedKeyName      string `hcl:"managed_key_name,optional"`
	ManagedKeyID        string `hcl:"managed_key_id,optional"`
}

PKIIssueIntConfig is the configuratio for the intermediate CSR to be generated for the test

/pki/intermediate/generate/:type

type PKIIssueRoleConfig 

type PKIIssueRoleConfig struct {
	Name                         string   `hcl:"name,optional"`
	TTL                          string   `hcl:"ttl,optional"`
	MaxTTL                       string   `hcl:"max_ttl,optional"`
	AllowLocalhost               *bool    `hcl:"allow_localhost,optional"`
	AllowedDomains               []string `hcl:"allowed_domains,optional"`
	AllowedDomainsTemplate       bool     `hcl:"allowed_domain_template,optional"`
	AllowBareDomains             bool     `hcl:"allow_bare_domains,optional"`
	AllowSubdomains              bool     `hcl:"allow_subdomains,optional"`
	AllowGlobDomains             bool     `hcl:"allow_glob_domains,optional"`
	AllowWildcardCertificates    *bool    `hcl:"allow_wildcard_certificates,optional"`
	AllowAnyName                 bool     `hcl:"allow_any_name,optional"`
	EnforceHostnames             *bool    `hcl:"enforce_hostnames,optional"`
	AllowIPSANS                  *bool    `hcl:"allow_ip_sans,optional"`
	AllowedURISANS               string   `hcl:"allowed_uri_sans,optional"`
	AllowedURISANSTemplate       bool     `hcl:"allowed_uri_sans_template,optional"`
	AllowedOtherSANS             string   `hcl:"allowed_other_sans,optional"`
	AllowedSerialNumbers         string   `hcl:"allowed_serial_numbers,optional"`
	ServerFlag                   *bool    `hcl:"server_flag,optional"`
	ClientFlag                   *bool    `hcl:"client_flag,optional"`
	CodeSigningFlag              bool     `hcl:"code_signing_flag,optional"`
	EmailProtectionFlag          bool     `hcl:"email_protection_flag,optional"`
	KeyType                      string   `hcl:"key_type,optional"`
	KeyBits                      int      `hcl:"key_bits,optional"`
	SignatureBits                int      `hcl:"signature_bits,optional"`
	UsePSS                       bool     `hcl:"use_pss,optional"`
	KeyUsage                     []string `hcl:"key_usage,optional"`
	ExtKeyUsage                  []string `hcl:"ext_key_usage,optional"`
	ExtKeyUsageOIDS              string   `hcl:"ext_key_usage_oids,optional"`
	UseCSRCommonName             *bool    `hcl:"use_csr_common_name,optional"`
	UseCSRSANS                   *bool    `hcl:"use_csr_sans,optional"`
	OU                           string   `hcl:"ou,optional"`
	Organization                 string   `hcl:"organization,optional"`
	Country                      string   `hcl:"country,optional"`
	Locality                     string   `hcl:"locality,optional"`
	Province                     string   `hcl:"province,optional"`
	StreetAddress                string   `hcl:"street_address,optional"`
	PostalCode                   string   `hcl:"postal_code,optional"`
	GenerateLease                bool     `hcl:"generate_lease,optional"`
	NoStore                      bool     `hcl:"no_store,optional"`
	RequireCN                    *bool    `hcl:"require_cn,optional"`
	PolicyIdentifiers            []string `hcl:"policy_identifiers,optional"`
	BasicConstrainsValidForNonCA bool     `hcl:"basic_constraints_valid_for_non_ca,optional"`
	NotBeforeDuration            string   `hcl:"not_before_duration,optional"`
	NotAfter                     string   `hcl:"not_after,optional"`
	CNValidations                []string `hcl:"cn_validations,optional"`
	AllowedUserIDs               string   `hcl:"allowed_user_ids,optional"`
}

PKI Role config defining how the issued cert should be configured

/pki/roles/:name

type PKIIssueRootConfig 

type PKIIssueRootConfig struct {
	Type                string `hcl:"type,optional"`
	IssuerName          string `hcl:"issuer_name,optional"`
	KeyName             string `hcl:"key_name,optional"`
	KeyRef              string `hcl:"key_ref,optional"`
	CommonName          string `hcl:"common_name,optional"`
	AltNames            string `hcl:"alt_names,optional"`
	IPSANS              string `hcl:"ip_sans,optional"`
	URISANS             string `hcl:"uri_sans,optional"`
	OtherSANS           string `hcl:"other_sans,optional"`
	TTL                 string `hcl:"ttl,optional"`
	Format              string `hcl:"format,optional"`
	PrivateKeyFormat    string `hcl:"private_key_format,optional"`
	KeyType             string `hcl:"key_type,optional"`
	KeyBits             int    `hcl:"key_bits,optional"`
	MaxPathLength       int    `hcl:"max_path_length,optional"`
	ExcludeCNFromSANS   bool   `hcl:"exclude_cn_from_sans,optional"`
	PermittedDNSDomains string `hcl:"permitted_dns_domains,optional"`
	OU                  string `hcl:"ou,optional"`
	Organization        string `hcl:"organization,optional"`
	Country             string `hcl:"country,optional"`
	Locality            string `hcl:"locality,optional"`
	Province            string `hcl:"province,optional"`
	StreetAddress       string `hcl:"street_address,optional"`
	PostalCode          string `hcl:"postal_code,optional"`
	SerialNumber        string `hcl:"serial_number,optional"`
	NotBeforeDuration   string `hcl:"not_before_duration,optional"`
	NotAfter            string `hcl:"not_after,optional"`
	ManagedKeyName      string `hcl:"managed_key_name,optional"`
	ManagedKeyID        string `hcl:"managed_key_id,optional"`
}

PKIIssueCAConfig is the configuration for the root CA cert to be generated for the test

/pki/root/generate/:type

type PKIIssueTest 

type PKIIssueTest struct {
	// contains filtered or unexported fields
}

func (*PKIIssueTest) Cleanup 

func (p *PKIIssueTest) Cleanup(client *api.Client) error

func (*PKIIssueTest) Flags 

func (p *PKIIssueTest) Flags(fs *flag.FlagSet)

func (*PKIIssueTest) GetTargetInfo 

func (p *PKIIssueTest) GetTargetInfo() TargetInfo

func (*PKIIssueTest) ParseConfig 

func (p *PKIIssueTest) ParseConfig(body hcl.Body) error

func (*PKIIssueTest) Setup 

func (p *PKIIssueTest) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*PKIIssueTest) Target 

func (p *PKIIssueTest) Target(client *api.Client) vegeta.Target

type PKIIssueTestConfig 

type PKIIssueTestConfig struct {
	Config *PKISecretIssueTestConfig `hcl:"config,block"`
}

type PKISecretIssueTestConfig 

type PKISecretIssueTestConfig struct {
	SetupDelay            string                `hcl:"setup_delay,optional"`
	RootCAConfig          *PKIIssueRootConfig   `hcl:"root_ca,block"`
	IntermediateCSRConfig *PKIIssueIntCSRConfig `hcl:"intermediate_csr,block"`
	IntermediateCAConfig  *PKIIssueIntCAConfig  `hcl:"intermediate_ca,block"`
	RoleConfig            *PKIIssueRoleConfig   `hcl:"role,block"`
	IssueConfig           *PKIIssueCertConfig   `hcl:"issue,block"`
}

type PKISignTest 

type PKISignTest struct {
	// contains filtered or unexported fields
}

func (*PKISignTest) Cleanup 

func (p *PKISignTest) Cleanup(client *api.Client) error

func (*PKISignTest) Flags 

func (p *PKISignTest) Flags(fs *flag.FlagSet)

func (*PKISignTest) GetTargetInfo 

func (p *PKISignTest) GetTargetInfo() TargetInfo

func (*PKISignTest) ParseConfig 

func (p *PKISignTest) ParseConfig(body hcl.Body) error

func (*PKISignTest) Setup 

func (p *PKISignTest) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*PKISignTest) Target 

func (p *PKISignTest) Target(client *api.Client) vegeta.Target

type PostgreSQLDBConfig 

type PostgreSQLDBConfig struct {
	Name                   string   `hcl:"name,optional"`
	PluginName             string   `hcl:"plugin_name,optional"`
	PluginVersion          string   `hcl:"plugin_version,optional"`
	VerifyConnection       *bool    `hcl:"verify_connection,optional"`
	AllowedRoles           []string `hcl:"allowed_roles,optional"`
	RootRotationStatements []string `hcl:"root_rotation_statements,optional"`
	PasswordPolicy         string   `hcl:"password_policy,optional"`
	ConnectionURL          string   `hcl:"connection_url"`
	MaxOpenConnections     int      `hcl:"max_open_connections,optional"`
	MaxIdleConnections     int      `hcl:"max_idle_connections,optional"`
	MaxConnectionLifetime  string   `hcl:"max_connection_lifetime,optional"`
	Username               string   `hcl:"username,optional"`
	Password               string   `hcl:"password,optional"`
	UsernameTemplate       string   `hcl:"username_template,optional"`
	DisableEscaping        bool     `hcl:"disable_escaping,optional"`
}

PostgreSQL DB Config

type PostgreSQLRoleConfig 

type PostgreSQLRoleConfig struct {
	Name                 string `hcl:"name,optional"`
	DBName               string `hcl:"db_name,optional"`
	DefaultTTL           string `hcl:"default_ttl,optional"`
	MaxTTL               string `hcl:"max_ttl,optional"`
	CreationStatements   string `hcl:"creation_statements"`
	RevocationStatements string `hcl:"revocation_statements,optional"`
	RollbackStatements   string `hcl:"rollback_statements,optional"`
	RenewStatements      string `hcl:"renew_statements,optional"`
	RotationStatements   string `hcl:"rotation_statements,optional"`
}

PostgreSQL Role Config

type PostgreSQLSecret 

type PostgreSQLSecret struct {
	// contains filtered or unexported fields
}

Postgres Secret Test Struct

func (*PostgreSQLSecret) Cleanup 

func (s *PostgreSQLSecret) Cleanup(client *api.Client) error

func (*PostgreSQLSecret) Flags 

func (l *PostgreSQLSecret) Flags(fs *flag.FlagSet)

func (*PostgreSQLSecret) GetTargetInfo 

func (s *PostgreSQLSecret) GetTargetInfo() TargetInfo

func (*PostgreSQLSecret) ParseConfig 

func (s *PostgreSQLSecret) ParseConfig(body hcl.Body) error

ParseConfig parses the passed in hcl.Body into Configuration structs for use during test configuration in Vault. Any default configuration definitions for required parameters will be set here.

func (*PostgreSQLSecret) Setup 

func (s *PostgreSQLSecret) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*PostgreSQLSecret) Target 

func (s *PostgreSQLSecret) Target(client *api.Client) vegeta.Target

type PostgreSQLSecretTestConfig 

type PostgreSQLSecretTestConfig struct {
	PostgreSQLDBConfig   *PostgreSQLDBConfig   `hcl:"db_connection,block"`
	PostgreSQLRoleConfig *PostgreSQLRoleConfig `hcl:"role,block"`
}

Intermediary struct to assist with HCL decoding

type PostgreSQLTestConfig 

type PostgreSQLTestConfig struct {
	Config *PostgreSQLSecretTestConfig `hcl:"config,block"`
}

Main Config Struct

type RabbitMQConnectionConfig 

type RabbitMQConnectionConfig struct {
	ConnectionURI    string `hcl:"connection_uri"`
	Username         string `hcl:"username,optional"`
	Password         string `hcl:"password,optional"`
	VerifyConnection *bool  `hcl:"verify_connection,optional"`
	PasswordPolicy   string `hcl:"password_policy,optional"`
	UsernameTemplate string `hcl:"username_template,optional"`
}

type RabbitMQRoleConfig 

type RabbitMQRoleConfig struct {
	Name        string `hcl:"name,optional"`
	Tags        string `hcl:"tags,optional"`
	Vhosts      string `hcl:"vhosts"`
	VhostTopics string `hcl:"vhost_topics,optional"`
}

type RabbitMQSecretTestConfig 

type RabbitMQSecretTestConfig struct {
	RabbitMQConnectionConfig *RabbitMQConnectionConfig `hcl:"connection,block"`
	RabbitMQRoleConfig       *RabbitMQRoleConfig       `hcl:"role,block"`
}

Intermediary struct to assist with HCL decoding

type RabbitMQTest 

type RabbitMQTest struct {
	// contains filtered or unexported fields
}

func (*RabbitMQTest) Cleanup 

func (r *RabbitMQTest) Cleanup(client *api.Client) error

func (*RabbitMQTest) Flags 

func (m *RabbitMQTest) Flags(fs *flag.FlagSet)

func (*RabbitMQTest) GetTargetInfo 

func (r *RabbitMQTest) GetTargetInfo() TargetInfo

func (*RabbitMQTest) ParseConfig 

func (r *RabbitMQTest) ParseConfig(body hcl.Body) error

func (*RabbitMQTest) Setup 

func (r *RabbitMQTest) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*RabbitMQTest) Target 

func (r *RabbitMQTest) Target(client *api.Client) vegeta.Target

type RabbitMQTestConfig 

type RabbitMQTestConfig struct {
	Config *RabbitMQSecretTestConfig `hcl:"config,block"`
}

Main Config Struct

type RedisDBConfig 

type RedisDBConfig struct {
	// Common
	Name             string   `hcl:"name,optional"`
	PluginName       string   `hcl:"plugin_name,optional"`
	PluginVersion    string   `hcl:"plugin_version,optional"`
	VerifyConnection *bool    `hcl:"verify_connection,optional"`
	AllowedRoles     []string `hcl:"allowed_roles,optional"`
	CACert           string   `hcl:"ca_cert,optional"`

	// Redis specific
	Host           string `hcl:"host"`
	Port           int    `hcl:"port"`
	Username       string `hcl:"username,optional"`
	Password       string `hcl:"password,optional"`
	PasswordPolicy string `hcl:"password_policy,optional"`
	TLS            bool   `hcl:"tls,optional"`
	InsecureTLS    bool   `hcl:"insecure_tls,optional"`
}

Redis DB Config

type RedisDynamicRoleConfig 

type RedisDynamicRoleConfig struct {
	Name               string `hcl:"name,optional"`
	DBName             string `hcl:"db_name,optional"`
	DefaultTTL         string `hcl:"default_ttl,optional"`
	MaxTTL             string `hcl:"max_ttl,optional"`
	CreationStatements string `hcl:"creation_statements"`
}

type RedisDynamicSecret 

type RedisDynamicSecret struct {
	// contains filtered or unexported fields
}

func (*RedisDynamicSecret) Cleanup 

func (r *RedisDynamicSecret) Cleanup(client *api.Client) error

func (*RedisDynamicSecret) Flags 

func (r *RedisDynamicSecret) Flags(fs *flag.FlagSet)

func (*RedisDynamicSecret) GetTargetInfo 

func (r *RedisDynamicSecret) GetTargetInfo() TargetInfo

func (*RedisDynamicSecret) ParseConfig 

func (r *RedisDynamicSecret) ParseConfig(body hcl.Body) error

ParseConfig parses the passed in hcl.Body into Configuration structs for use during test configuration in Vault. Any default configuration definitions for required parameters will be set here.

func (*RedisDynamicSecret) Setup 

func (r *RedisDynamicSecret) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*RedisDynamicSecret) Target 

func (r *RedisDynamicSecret) Target(client *api.Client) vegeta.Target

type RedisDynamicSecretTestConfig 

type RedisDynamicSecretTestConfig struct {
	DBConfig   *RedisDBConfig          `hcl:"db_connection,block"`
	RoleConfig *RedisDynamicRoleConfig `hcl:"role,block"`
}

type RedisDynamicTestConfig 

type RedisDynamicTestConfig struct {
	Config *RedisDynamicSecretTestConfig `hcl:"config,block"`
}

type RedisStaticRoleConfig 

type RedisStaticRoleConfig struct {
	Name           string `hcl:"name,optional"`
	DBName         string `hcl:"db_name,optional"`
	RotationPeriod string `hcl:"rotation_period,optional"`
	Username       string `hcl:"username"`
	InsecureTLS    bool   `hcl:"insecure_tls,optional"`
}

type RedisStaticSecret 

type RedisStaticSecret struct {
	// contains filtered or unexported fields
}

func (*RedisStaticSecret) Cleanup 

func (r *RedisStaticSecret) Cleanup(client *api.Client) error

func (*RedisStaticSecret) Flags 

func (r *RedisStaticSecret) Flags(fs *flag.FlagSet)

func (*RedisStaticSecret) GetTargetInfo 

func (r *RedisStaticSecret) GetTargetInfo() TargetInfo

func (*RedisStaticSecret) ParseConfig 

func (r *RedisStaticSecret) ParseConfig(body hcl.Body) error

ParseConfig parses the passed in hcl.Body into Configuration structs for use during test configuration in Vault. Any default configuration definitions for required parameters will be set here.

func (*RedisStaticSecret) Setup 

func (r *RedisStaticSecret) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*RedisStaticSecret) Target 

func (r *RedisStaticSecret) Target(client *api.Client) vegeta.Target

type RedisStaticSecretTestConfig 

type RedisStaticSecretTestConfig struct {
	DBConfig   *RedisDBConfig         `hcl:"db_connection,block"`
	RoleConfig *RedisStaticRoleConfig `hcl:"role,block"`
}

type RedisStaticTestConfig 

type RedisStaticTestConfig struct {
	Config *RedisStaticSecretTestConfig `hcl:"config,block"`
}

type Reporter 

type Reporter struct {
	// contains filtered or unexported fields
}

func Attack 

func Attack(tm *TargetMulti, client *api.Client, duration time.Duration, rps int, workers int) (*Reporter, error)

func FromReader 

func FromReader(r io.Reader) (*Reporter, error)

func (*Reporter) Add 

func (r *Reporter) Add(result *vegeta.Result)

func (*Reporter) Close 

func (r *Reporter) Close()

func (*Reporter) ReportJSON 

func (r *Reporter) ReportJSON(w io.Writer) error

func (*Reporter) ReportTerse 

func (r *Reporter) ReportTerse(w io.Writer) error

func (*Reporter) ReportVerbose 

func (r *Reporter) ReportVerbose(w io.Writer) error

type RoleConfig 

type RoleConfig struct {
	Name                 string   `hcl:"role_name,optional"`
	BindSecretID         *bool    `hcl:"bind_secret_id,optional"`
	SecretIDBoundCIDRS   []string `hcl:"secret_id_bound_cidrs,optional"`
	SecredIDNumUses      int      `hcl:"secret_id_num_uses,optional"`
	SecretIDTTL          string   `hcl:"secret_id_ttl,optional"`
	LocalSecretIDs       bool     `hcl:"local_secret_ids,optional"`
	TokenTTL             string   `hcl:"token_ttl,optional"`
	TokenMaxTTL          string   `hcl:"token_max_ttl,optional"`
	TokenPolicies        []string `hcl:"token_policies,optional"`
	Policies             []string `hcl:"policies,optional"`
	TokenBoundCIDRs      []string `hcl:"token_bound_cidrs,optional"`
	TokenExplicitMaxTTL  string   `hcl:"token_explicit_max_ttl,optional"`
	TokenNoDefaultPolicy bool     `hcl:"token_no_default_policy,optional"`
	TokenNumUses         int      `hcl:"token_num_uses,optional"`
	TokenPeriod          string   `hcl:"token_period,optional"`
	TokenType            string   `hcl:"token_type,optional"`
}

AppRole Role Config

type SSHCAConfig 

type SSHCAConfig struct {
	PrivateKey         string `hcl:"private_key,optional"`
	PublicKey          string `hcl:"public_key,optional"`
	GenerateSigningKey *bool  `hcl:"generate_signing_key,optional"`
	KeyType            string `hcl:"key_type,optional"`
	KeyBits            int    `hcl:"key_bits,optional"`
}

type SSHIssueTest 

type SSHIssueTest struct {
	// contains filtered or unexported fields
}

func (*SSHIssueTest) Cleanup 

func (s *SSHIssueTest) Cleanup(client *api.Client) error

func (*SSHIssueTest) Flags 

func (s *SSHIssueTest) Flags(fs *flag.FlagSet)

func (*SSHIssueTest) GetTargetInfo 

func (s *SSHIssueTest) GetTargetInfo() TargetInfo

func (*SSHIssueTest) ParseConfig 

func (s *SSHIssueTest) ParseConfig(body hcl.Body) error

func (*SSHIssueTest) Setup 

func (s *SSHIssueTest) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*SSHIssueTest) Target 

func (s *SSHIssueTest) Target(client *api.Client) vegeta.Target

type SSHIssueTestConfig 

type SSHIssueTestConfig struct {
	CAConfig         *SSHCAConfig         `hcl:"ca,block"`
	RoleConfig       *SSHRoleConfig       `hcl:"role,block"`
	IssuedCertConfig *SSHIssuedCertConfig `hcl:"issued_cert,block"`
}

type SSHIssuedCertConfig 

type SSHIssuedCertConfig struct {
	Name            string                 `hcl:"name,optional"`
	KeyType         string                 `hcl:"key_type,optional"`
	KeyBits         int                    `hcl:"key_bits,optional"`
	TTL             string                 `hcl:"ttl,optional"`
	ValidPrincipals string                 `hcl:"valid_principals,optional"`
	CertType        string                 `hcl:"cert_type,optional"`
	KeyID           string                 `hcl:"key_id,optional"`
	CriticalOptions map[string]interface{} `hcl:"critical_options,optional"`
	Extensions      map[string]interface{} `hcl:"extensions,optional"`
}

type SSHKeySignCAConfig 

type SSHKeySignCAConfig struct {
	PrivateKey         string `hcl:"private_key,optional"`
	PublicKey          string `hcl:"public_key,optional"`
	GenerateSigningKey *bool  `hcl:"generate_signing_key,optional"`
	KeyType            string `hcl:"key_type,optional"`
	KeyBits            int    `hcl:"key_bits,optional"`
}

type SSHKeySignConfig 

type SSHKeySignConfig struct {
	Config *SSHKeySignTestConfig `hcl:"config,block"`
}

type SSHKeySignRoleConfig 

type SSHKeySignRoleConfig struct {
	// Vault >= 1.13.x
	AllowedDomainsTemplate bool `hcl:"allowed_domains_template,optional"`

	// Vault <= 1.12.x
	Key            string   `hcl:"key,optional"`
	AdminUser      string   `hcl:"admin_user,optional"`
	KeyBits        int      `hcl:"key_bits,optional"`
	InstallScript  string   `hcl:"install_script,optional"`
	KeyOptionSpecs []string `hcl:"key_option_specs,optional"`

	// Common
	Name                   string                 `hcl:"name,optional"`
	DefaultUser            string                 `hcl:"default_user,optional"`
	DefaultUserTemplate    bool                   `hcl:"default_user_template,optional"`
	CIDRList               []string               `hcl:"cidr_list,optional"`
	ExcludeCIDRList        []string               `hcl:"exclude_cidr_list,optional"`
	Port                   int                    `hcl:"port,optional"`
	KeyType                string                 `hcl:"key_type,optional"`
	AllowedUsers           []string               `hcl:"allowed_users,optional"`
	AllowedUsersTemplate   bool                   `hcl:"allowed_users_template,optional"`
	AllowedDomains         []string               `hcl:"allowed_domains,optional"`
	TTL                    string                 `hcl:"ttl,optional"`
	MaxTTL                 string                 `hcl:"max_ttl,optional"`
	AllowedCriticalOptions []string               `hcl:"allowed_critical_options,optional"`
	AllowedExtensions      []string               `hcl:"allowed_extensions,optional"`
	DefaultCriticalOptions map[string]string      `hcl:"default_critical_options,optional"`
	DefaultExtensions      map[string]string      `hcl:"default_extensions,optional"`
	AllowUserCertificates  bool                   `hcl:"allow_user_certificates,optional"`
	AllowHostCertificates  bool                   `hcl:"allow_host_certificates,optional"`
	AllowBareDomains       bool                   `hcl:"allow_bare_domains,optional"`
	AllowSubdomains        bool                   `hcl:"allow_subdomains,optional"`
	AllowUserKeyIDs        bool                   `hcl:"allow_user_key_ids,optional"`
	KeyIDFormat            string                 `hcl:"key_id_format,optional"`
	AllowedUserKeyLengths  map[string]interface{} `hcl:"allowed_user_key_lengths,optional"`
	AlgorithmSigner        string                 `hcl:"algorithm_signer,optional"`
	NotBeforeDuration      string                 `hcl:"not_before_duration,optional"`
}

type SSHKeySignTest 

type SSHKeySignTest struct {
	// contains filtered or unexported fields
}

func (*SSHKeySignTest) Cleanup 

func (s *SSHKeySignTest) Cleanup(client *api.Client) error

func (*SSHKeySignTest) Flags 

func (s *SSHKeySignTest) Flags(fs *flag.FlagSet)

func (*SSHKeySignTest) GetTargetInfo 

func (s *SSHKeySignTest) GetTargetInfo() TargetInfo

func (*SSHKeySignTest) ParseConfig 

func (s *SSHKeySignTest) ParseConfig(body hcl.Body) error

func (*SSHKeySignTest) Setup 

func (s *SSHKeySignTest) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*SSHKeySignTest) Target 

func (s *SSHKeySignTest) Target(client *api.Client) vegeta.Target

type SSHKeySignTestConfig 

type SSHKeySignTestConfig struct {
	CAConfig         *SSHKeySignCAConfig   `hcl:"ca,block"`
	RoleConfig       *SSHKeySignRoleConfig `hcl:"role,block"`
	KeySigningConfig *SSHKeySigningConfig  `hcl:"key_signing,block"`
}

type SSHKeySigningConfig 

type SSHKeySigningConfig struct {
	PublicKey       *string                `hcl:"public_key,optional"`
	TTL             string                 `hcl:"ttl,optional"`
	ValidPrincipals string                 `hcl:"valid_principals,optional"`
	CertType        string                 `hcl:"cert_type,optional"`
	KeyID           string                 `hcl:"key_id,optional"`
	CriticalOptions map[string]interface{} `hcl:"critical_options,optional"`
	Extensions      map[string]interface{} `hcl:"extensions,optional"`
}

type SSHRoleConfig 

type SSHRoleConfig struct {
	// Vault >= 1.13.x
	AllowedDomainsTemplate bool `hcl:"allowed_domains_template,optional"`

	// Vault <= 1.12.x
	Key            string   `hcl:"key,optional"`
	AdminUser      string   `hcl:"admin_user,optional"`
	KeyBits        int      `hcl:"key_bits,optional"`
	InstallScript  string   `hcl:"install_script,optional"`
	KeyOptionSpecs []string `hcl:"key_option_specs,optional"`

	// Common
	Name                   string                 `hcl:"name,optional"`
	DefaultUser            string                 `hcl:"default_user,optional"`
	DefaultUserTemplate    bool                   `hcl:"default_user_template,optional"`
	CIDRList               []string               `hcl:"cidr_list,optional"`
	ExcludeCIDRList        []string               `hcl:"exclude_cidr_list,optional"`
	Port                   int                    `hcl:"port,optional"`
	KeyType                string                 `hcl:"key_type,optional"`
	AllowedUsers           []string               `hcl:"allowed_users,optional"`
	AllowedUsersTemplate   bool                   `hcl:"allowed_users_template,optional"`
	AllowedDomains         []string               `hcl:"allowed_domains,optional"`
	TTL                    string                 `hcl:"ttl,optional"`
	MaxTTL                 string                 `hcl:"max_ttl,optional"`
	AllowedCriticalOptions []string               `hcl:"allowed_critical_options,optional"`
	AllowedExtensions      []string               `hcl:"allowed_extensions,optional"`
	DefaultCriticalOptions map[string]string      `hcl:"default_critical_options,optional"`
	DefaultExtensions      map[string]string      `hcl:"default_extensions,optional"`
	AllowUserCertificates  bool                   `hcl:"allow_user_certificates,optional"`
	AllowHostCertificates  bool                   `hcl:"allow_host_certificates,optional"`
	AllowBareDomains       bool                   `hcl:"allow_bare_domains,optional"`
	AllowSubdomains        bool                   `hcl:"allow_subdomains,optional"`
	AllowUserKeyIDs        bool                   `hcl:"allow_user_key_ids,optional"`
	KeyIDFormat            string                 `hcl:"key_id_format,optional"`
	AllowedUserKeyLengths  map[string]interface{} `hcl:"allowed_user_key_lengths,optional"`
	AlgorithmSigner        string                 `hcl:"algorithm_signer,optional"`
	NotBeforeDuration      string                 `hcl:"not_before_duration,optional"`
}

type SSHTestConfig 

type SSHTestConfig struct {
	Config *SSHIssueTestConfig `hcl:"config,block"`
}

type SecretIDConfig 

type SecretIDConfig struct {
	Metadata        string   `hcl:"metadata,optional"`
	CIDRList        []string `hcl:"cidr_list,optional"`
	NumUses         int      `hcl:"num_uses,optional"`
	TTL             string   `hcl:"ttl,optional"`
	TokenBoundCIDRs []string `hcl:"token_bound_cidrs,optional"`
}

AppRole SecretID Config

type StatusCheck 

type StatusCheck struct {
	// contains filtered or unexported fields
}

func (*StatusCheck) Cleanup 

func (s *StatusCheck) Cleanup(client *api.Client) error

Cleanup is a no-op for this test

func (*StatusCheck) Flags 

func (s *StatusCheck) Flags(fs *flag.FlagSet)

func (*StatusCheck) GetTargetInfo 

func (s *StatusCheck) GetTargetInfo() TargetInfo

func (*StatusCheck) ParseConfig 

func (s *StatusCheck) ParseConfig(body hcl.Body) error

func (*StatusCheck) Setup 

func (s *StatusCheck) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*StatusCheck) Target 

func (s *StatusCheck) Target(client *api.Client) vegeta.Target

type TargetInfo 

type TargetInfo struct {
	// contains filtered or unexported fields
}

type TargetMulti 

type TargetMulti struct {
	// contains filtered or unexported fields
}

TargetMulti allows building a vegeta targetter that chooses between various operations randomly following a specified distribution.

func BuildTargets 

func BuildTargets(tests []*BenchmarkTarget, client *api.Client, logger hclog.Logger, randomMounts bool) (*TargetMulti, error)

func (TargetMulti) Cleanup 

func (tm TargetMulti) Cleanup(client *api.Client) error

func (TargetMulti) DebugInfo 

func (tm TargetMulti) DebugInfo(client *api.Client)

func (TargetMulti) Targeter 

func (tm TargetMulti) Targeter(client *api.Client) (vegeta.Targeter, error)

type TransformInputConfig 

type TransformInputConfig struct {
	Value          string        `hcl:"value,optional"`
	Transformation string        `hcl:"transformation,optional"`
	TTL            string        `hcl:"ttl,optional"`
	Metadata       string        `hcl:"metadata,optional"`
	Tweak          string        `hcl:"tweak,optional"`
	Reference      string        `hcl:"reference,optional"`
	BatchInput     []interface{} `hcl:"batch_input,optional"`
}

type TransformRoleConfig 

type TransformRoleConfig struct {
	Name            string   `hcl:"name,optional"`
	Transformations []string `hcl:"transformations,optional"`
}

type TransformStoreConfig 

type TransformStoreConfig struct {
	Name                     string   `hcl:"name"`
	Type                     string   `hcl:"type"`
	Driver                   string   `hcl:"driver"`
	ConnectionString         string   `hcl:"connection_string"`
	Username                 string   `hcl:"username"`
	Password                 string   `hcl:"password"`
	SupportedTransformations []string `hcl:"supported_transformations,optional"`
	Schema                   string   `hcl:"schema,optional"`
	MaxOpenConnections       int      `hcl:"max_open_connections,optional"`
	MaxIdleConnections       int      `hcl:"max_idle_connections,optional"`
	MaxConnectionLifetime    string   `hcl:"max_connection_lifetime,optional"`
}

type TransformStoreSchemaConfig 

type TransformStoreSchemaConfig struct {
	Name               string `hcl:"name,optional"`
	Username           string `hcl:"username,optional"`
	Password           string `hcl:"password,optional"`
	TransformationType string `hcl:"transformation_type,optional"`
}

type TransformTestConfig 

type TransformTestConfig struct {
	Config *TransformTokenizationTestConfig `hcl:"config,block"`
}

type TransformTokenizationConfig 

type TransformTokenizationConfig struct {
	Name            string   `hcl:"name,optional"`
	MappingMode     string   `hcl:"mapping_mode,optional"`
	Convergent      bool     `hcl:"convergent,optional"`
	MaxTTL          string   `hcl:"max_ttl,optional"`
	AllowedRoles    []string `hcl:"allowed_roles,optional"`
	Stores          []string `hcl:"stores,optional"`
	DeletionAllowed bool     `hcl:"deletion_allowed,optional"`
}

type TransformTokenizationTest 

type TransformTokenizationTest struct {
	// contains filtered or unexported fields
}

func (*TransformTokenizationTest) Cleanup 

func (t *TransformTokenizationTest) Cleanup(client *api.Client) error

func (*TransformTokenizationTest) Flags 

func (t *TransformTokenizationTest) Flags(fs *flag.FlagSet)

func (*TransformTokenizationTest) GetTargetInfo 

func (t *TransformTokenizationTest) GetTargetInfo() TargetInfo

func (*TransformTokenizationTest) ParseConfig 

func (t *TransformTokenizationTest) ParseConfig(body hcl.Body) error

func (*TransformTokenizationTest) Setup 

func (t *TransformTokenizationTest) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*TransformTokenizationTest) Target 

func (t *TransformTokenizationTest) Target(client *api.Client) vegeta.Target

type TransformTokenizationTestConfig 

type TransformTokenizationTestConfig struct {
	StoreConfig        *TransformStoreConfig        `hcl:"store,block"`
	StoreSchemaConfig  *TransformStoreSchemaConfig  `hcl:"store_schema,block"`
	RoleConfig         *TransformRoleConfig         `hcl:"role,block"`
	TokenizationConfig *TransformTokenizationConfig `hcl:"tokenization,block"`
	InputConfig        *TransformInputConfig        `hcl:"input,block"`
}

type TransitConfig 

type TransitConfig struct {
	PayloadLen           int                   `hcl:"payload_len,optional"`
	ContextLen           int                   `hcl:"context_len,optional"`
	TransitConfigKeys    *TransitConfigKeys    `hcl:"keys,block"`
	TransitConfigSign    *TransitConfigSign    `hcl:"sign,block"`
	TransitConfigVerify  *TransitConfigVerify  `hcl:"verify,block"`
	TransitConfigEncrypt *TransitConfigEncrypt `hcl:"encrypt,block"`
	TransitConfigDecrypt *TransitConfigDecrypt `hcl:"decrypt,block"`
}

type TransitConfigDecrypt 

type TransitConfigDecrypt struct {
	Name                       string        `hcl:"name,optional"`
	Ciphertext                 string        `hcl:"ciphertext,optional"`
	AssociatedData             string        `hcl:"associated_data,optional"`
	Context                    string        `hcl:"context,optional"`
	Nonce                      string        `hcl:"nonce,optional"`
	Reference                  string        `hcl:"reference,optional"`
	BatchInput                 []interface{} `hcl:"batch_input,optional"`
	PartialFailureResponseCode int           `hcl:"partial_failure_response_code,optional"`
}

/transit/decrypt/:name

type TransitConfigEncrypt 

type TransitConfigEncrypt struct {
	Name                       string        `hcl:"name,optional"`
	Plaintext                  string        `hcl:"plaintext,optional"`
	AssociatedData             string        `hcl:"associated_data,optional"`
	Context                    string        `hcl:"context,optional"`
	KeyVersion                 int           `hcl:"key_version,optional"`
	Nonce                      string        `hcl:"nonce,optional"`
	Reference                  string        `hcl:"reference,optional"`
	BatchInput                 []interface{} `hcl:"batch_input,optional"`
	Type                       string        `hcl:"type,optional"`
	ConvergentEncryption       bool          `hcl:"convergent_encryption,optional"`
	PartialFailureResponseCode int           `hcl:"partial_failure_response_code,optional"`
}

/transit/encrypt/:name

type TransitConfigKeys 

type TransitConfigKeys struct {
	Name                 string `hcl:"name,optional"`
	ConvergentEncryption bool   `hcl:"convergent_encryption,optional"`
	Derived              bool   `hcl:"derived,optional"`
	Exportable           bool   `hcl:"exportable,optional"`
	AllowPlaintextBackup bool   `hcl:"allow_plaintext_backup,optional"`
	Type                 string `hcl:"type,optional"`
	KeySize              int    `hcl:"key_size,optional"`
	AutoRotatePeriod     string `hcl:"auto_rotate_period,optional"`
	ManagedKeyName       string `hcl:"managed_key_name,optional"`
	ManagedKeyID         string `hcl:"managed_key_id,optional"`
}

/transit/keys/:name

type TransitConfigSign 

type TransitConfigSign struct {
	Name                string        `hcl:"name,optional"`
	KeyVersion          int           `hcl:"key_version,optional"`
	HashAlgorithm       string        `hcl:"hash_algorithm,optional"`
	Input               string        `hcl:"input,optional"`
	Reference           string        `hcl:"reference,optional"`
	BatchInput          []interface{} `hcl:"batch_input,optional"`
	Context             string        `hcl:"context,optional"`
	Prehashed           bool          `hcl:"prehashed,optional"`
	SignatureAlgorithm  string        `hcl:"signature_algorithm,optional"`
	MarshalingAlgorithm string        `hcl:"marshaling_algorithm,optional"`
	SaltLength          string        `hcl:"salt_length,optional"`
}

/transit/sign/:name

type TransitConfigVerify 

type TransitConfigVerify struct {
	Name                string        `hcl:"name,optional"`
	HashAlgorithm       string        `hcl:"hash_algorithm,optional"`
	Input               string        `hcl:"input,optional"`
	Signature           string        `hcl:"signature,optional"`
	HMAC                string        `hcl:"hmac,optional"`
	Reference           string        `hcl:"reference,optional"`
	BatchInput          []interface{} `hcl:"batch_input,optional"`
	Context             string        `hcl:"context,optional"`
	Prehashed           bool          `hcl:"prehashed,optional"`
	SignatureAlgorithm  string        `hcl:"signature_algorithm,optional"`
	MarshalingAlgorithm string        `hcl:"marshaling_algorithm,optional"`
	SaltLength          string        `hcl:"salt_length,optional"`
}

/transit/verify/:name(/:hash_algorithm)

type TransitTest 

type TransitTest struct {
	// contains filtered or unexported fields
}

func (*TransitTest) Cleanup 

func (t *TransitTest) Cleanup(client *api.Client) error

func (*TransitTest) Flags 

func (t *TransitTest) Flags(fs *flag.FlagSet)

func (*TransitTest) GetTargetInfo 

func (t *TransitTest) GetTargetInfo() TargetInfo

func (*TransitTest) ParseConfig 

func (t *TransitTest) ParseConfig(body hcl.Body) error

func (*TransitTest) Setup 

func (t *TransitTest) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*TransitTest) Target 

func (t *TransitTest) Target(client *api.Client) vegeta.Target

type TransitTestConfig 

type TransitTestConfig struct {
	Config *TransitConfig `hcl:"config,block"`
}

type UserpassAuth 

type UserpassAuth struct {
	// contains filtered or unexported fields
}

func (*UserpassAuth) Cleanup 

func (u *UserpassAuth) Cleanup(client *api.Client) error

func (*UserpassAuth) Flags 

func (u *UserpassAuth) Flags(fs *flag.FlagSet)

func (*UserpassAuth) GetTargetInfo 

func (u *UserpassAuth) GetTargetInfo() TargetInfo

func (*UserpassAuth) ParseConfig 

func (u *UserpassAuth) ParseConfig(body hcl.Body) error

ParseConfig parses the passed in hcl.Body into Configuration structs for use during test configuration in Vault. Any default configuration definitions for required parameters will be set here.

func (*UserpassAuth) Setup 

func (u *UserpassAuth) Setup(client *api.Client, randomMountName bool, mountName string) (BenchmarkBuilder, error)

func (*UserpassAuth) Target 

func (u *UserpassAuth) Target(client *api.Client) vegeta.Target

type UserpassAuthConfig 

type UserpassAuthConfig struct {
	Username             string   `hcl:"username,optional"`
	Password             string   `hcl:"password,optional"`
	TokenTTL             string   `hcl:"token_ttl,optional"`
	TokenMaxTTL          string   `hcl:"token_max_ttl,optional"`
	TokenPolicies        []string `hcl:"token_policies,optional"`
	TokenBoundCidrs      []string `hcl:"token_bound_cidrs"`
	TokenExplicitMaxTTL  string   `hcl:"token_explicit_max_ttl,optional"`
	TokenNoDefaultPolicy bool     `hcl:"token_no_default_policy"`
	TokenNumUses         int      `hcl:"token_num_uses"`
	TokenPeriod          string   `hcl:"token_period"`
	TokenType            string   `hcl:"token_type,optional"`
}

type UserpassTestConfig 

type UserpassTestConfig struct {
	Config *UserpassAuthConfig `hcl:"config,block"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.